Create an SNS (Simple Notification Service) Topic with Email subscription
How to read the numbered notes: page elements such as links and tab names are capitalized, and actions performed on the same page are put in the same numbered note.
Switch to US East (N. Virginia) region
Services - SNS
Create Topic and name it 'admin_email'
Create Subscription
choose email as Protocol and fill in the email as Endpoint
confirm email
Enable billing alert
(topic right header dropdown) My Billing Dashboard
Preferences
check the box Receive Billing Alerts (this checkbox is now checked by default)
Set up a CloudWatch billing alarm
(tbc) billing alerts are only enabled in the North Virginia region
Switch to US East (N. Virginia) region
Services - CloudWatch
Create Alarm
select Receive Billing Alerts
select USD as currency and 12h to 0
set EstimatedCharges to $5
select the previously created SNS topic in the Send Notification To dropdown, and select State is ALARM in the Whenever this alarm dropdown
Create Alarm
Set up MFA on your root AWS account
Create a new user
Services - IAM
Users
Add User
enter user name, check Generate an Access Key for Each User checkbox
Create
download user credential
(now you should delete the root account access key to make your account more secure)
go to Security Credentials tab
Manage Password
Assign a custom password
go to IAM dashboard home screen to get the IAM user sign-in link
Create a user group
Services - IAM
Groups
Create New Group
name it 'admin' and attach the AdministratorAccess policy
Create Group
Add User to Group
Configure AWS CLI
$ aws configure
AWS Access Key ID []:
AWS Secret Access Key []:
Default region name [ap-northeast-1]:
Default output format [None]: json
Getting Inside the Virtual Machine with EC2 and VPC
Create a VPC (Virtual Private Cloud) with 2 subnets
Services - VPC
Start VPC Wizard
select the default VPC with a Single Public Subnet
name your VPC pizza-vpc, select any (us-west-2a) Availability Zone, and name Subnet as pizza-subnet-a
Create VPC
Enable VPC for accessing Internet
VPC Dashboard
select your created VPC
click the Route Table link in the Summary tab
select the Routes tab
Edit
add another route with Destination 0.0.0.0/0 and Target igw-xxx (the pre-created Internet gateway)
Save
Create public subnet for scaling
VPC Dashboard
Subnets
Create Subnet
name it pizza-subnet-b, select our pizza in the VPC dropdown, select a different Availability Zone than the other subnet, give another CIDR block 10.0.1.0/24 to avoid IP conflict with the other subnet
Yes Create
Create an EC2 instance
EC2 Dashboard
Launch Instance
select Amazon Linux AMI
select the previously created VPC in the Network dropdown, select either of the subnets
select Disable in Auto-assign Public IP dropdown, leave rest of settings as default then Next
name it pizza-og
name the Security Group pizza-ec2-sg, leave the default access type (SSH) as it is for now, add a new Custom TCP Rule with Port Range 3000 and Source anywhere
Launch
Create a new Key Pair with name pizza-keys and download the pem file
# remove local dependencies with `rm -rf node_modules/`
$ scp -r -i ~/Downloads/pizza-keys.pem ./pizza-luvrs ec2-user@<your_ec2_elastic_ip>:/home/ec2-user/pizza-luvrs
Launch application on EC2
$ ssh -i pizza-keys.pem ec2-user@<your_ec2_elastic_ip>
$ cd pizza-luvrs && npm i
$ npm start
# now your application is available at <your_ec2_elastic_ip>:3000
Create an AMI (Amazon Machine Image)
EC2 Dashboard
Instances
select instance you'd like to clone
Actions
Image
Create Image
give your image a name, say 'pizza-image'
Create Image
Create a load balancer
EC2 Dashboard
Load Balancers
Create Load Balancer
Classic Load Balancer
name it pizza-loader, select our VPC, then change the Instance Port to 3000 (the port our app is running on), and lastly select both of our subnets
Create a New Security Group, name it pizza-lb-sg, select Anywhere in the Source dropdown
Configure Health Check, change the Ping Path to / instead of /index.html
Leave the Add EC2 Instances as it is, next
Review and Create without Add Tags
Enable instance stickiness on load balancer
EC2 Dashboard
select the load balancer just created, Edit Stickiness
Enable load balancer generated cookie stickiness, set Expiration Period to a whole day 86400
Create auto-scaling group to use with load balancer
Create Launch Configuration
EC2 Dashboard
Auto Scaling Groups
Create Auto Scaling Group
Create Launch Configuration
select My AMIs, select our pizza-image AMI
name it pizza-launcher; in Advanced Details, put the script below in the User Data field so that our node app is started automatically
make no change to the storage options
Select An Existing Security Group, select pizza-ec2-sg, then click Review
select pizza-keys as Key Pair
Create Launch Configuration
#!/bin/bash
echo "starting pizza-luvrs"
cd /home/ec2-user/pizza-luvrs
npm start
Create Auto Scaling Group
name it pizza-scaler, set Group Size to 2 instances, select pizza-vpc as Network, then add both subnets; don't mind the 'No public IP addresses will be assigned' warning, as only our load balancer should be open to the public; check Receive traffic from one or more load balancers in the Advanced Details section, select pizza-loader as Classic Load Balancers, then click Next
Keep this group as its initial size, Next
Skip Add Notification step for now, Review
Create auto-scaling group
Secure our EC2 instance to be accessed only by load balancer
Security Groups
Edit the Inbound access of pizza-ec2-sg
update the Custom TCP Rule with Source set to sg-xxx (pizza-lb-sg)
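An added example (not from the original notes) that checks the effect of this change on rule data shaped like `aws ec2 describe-security-groups` output; the functions work for any group and port. The sg- ids are placeholders, and the open SSH rule and load balancer port 80 are assumptions, since the notes do not state them.

```python
# Added example: audit ingress rules shaped like the "SecurityGroups" list from
# `aws ec2 describe-security-groups`. All data is constructed: the sg- ids are
# placeholders, and the open SSH rule and listener port 80 are assumptions.
WORLD = {"0.0.0.0/0", "::/0"}

def world_open(groups, intended_public=frozenset()):
    """Return (group, from_port, to_port) for each rule open to any address,
    skipping single-port rules listed in intended_public as (group, port)."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            if not WORLD.intersection(cidrs):
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")  # None = all ports
            if lo is not None and lo == hi and (g["GroupName"], lo) in intended_public:
                continue
            findings.append((g["GroupName"], lo, hi))
    return findings

def source_groups(group, port):
    """Return the security-group ids allowed to reach `port` on `group`."""
    ids = set()
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if lo is None or lo <= port <= hi:
            ids.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
    return ids

def rule(port, cidr=None, sg=None):
    """Build one constructed IpPermissions entry for a single TCP port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

LB = {"GroupId": "sg-EXAMPLE-LB", "GroupName": "pizza-lb-sg",
      "IpPermissions": [rule(80, cidr="0.0.0.0/0")]}
EC2_BEFORE = {"GroupId": "sg-EXAMPLE-EC2", "GroupName": "pizza-ec2-sg",
              "IpPermissions": [rule(22, cidr="0.0.0.0/0"),
                                rule(3000, cidr="0.0.0.0/0")]}
EC2_AFTER = dict(EC2_BEFORE, IpPermissions=[rule(22, cidr="0.0.0.0/0"),
                                            rule(3000, sg=LB["GroupId"])])
PUBLIC_OK = {("pizza-lb-sg", 80)}  # the load balancer is meant to be public

if __name__ == "__main__":
    for label, ec2 in (("before", EC2_BEFORE), ("after", EC2_AFTER)):
        print(label, world_open([LB, ec2], PUBLIC_OK), source_groups(ec2, 3000))
```

After the change, port 3000 no longer appears in the findings and its only allowed source is the load balancer's group; the SSH rule is still reported because it was left at its default.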
Configure scaling rules for scaling group
EC2 Dashboard
Auto Scaling Groups
select pizza-scaler
select Scaling Policies, and Add Policy
name it scale up, Create New Alarm with Average of Network Out is >= 5000000 Bytes (for testing purposes only)
set Add 1 Instance as the Take the Action option
add one more policy to scale back down, configured to scale down when Network Out is <= 5000000 Bytes, with Remove 1 Instance as its action
lastly set auto scaling group max to 4 instances
Use apache benchmark for pressure testing
# 100 requests to our load balancer at max concurrent 5 requests at a time
$ ab -n 100 -c 5 http://<url_to_load_balancer>/
Hosting All the Things with S3
Create an S3 bucket
Grant access permission to everyone
go to Permissions tab of your S3 bucket
click Bucket Policy link
generate AWS policy with configuration, S3 Bucket Policy for type, for Principal, GetObject for Actions, arn:aws:s3:::/ for ARN. Then Add Statement, Generate Policy, copy the generated policy json, paste it to the Bucket Policy textarea, Save and done
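An added example (not part of the original notes) of the policy these generator settings produce, with a check of what it exposes to anonymous callers. The bucket name is a placeholder, and Principal `*` with the bucket's objects as the resource is assumed, since those values are missing from the step above.

```python
# Added example: list what a bucket policy grants to anonymous callers.
# The bucket name is a placeholder; the policy is constructed to match the
# generator settings described above (everyone, GetObject, the bucket's objects).
import json

BUCKET = "example-bucket-name"  # placeholder, not from the original notes
PUBLIC_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadObjects",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} (or an AWS list containing "*")."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def anonymous_grants(policy):
    """Return (action, resource) pairs that Allow statements give to everyone.
    Conditions are ignored, so a conditioned statement still counts as public."""
    grants = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and is_anonymous(stmt.get("Principal")):
            grants += [(a, r) for a in as_list(stmt.get("Action", []))
                       for r in as_list(stmt.get("Resource", []))]
    return grants

def only_public_read(policy, bucket):
    """True when everyone may do nothing except GetObject on the bucket's objects."""
    grants = anonymous_grants(policy)
    return bool(grants) and all(
        a == "s3:GetObject" and r == f"arn:aws:s3:::{bucket}/*" for a, r in grants)

if __name__ == "__main__":
    print(json.dumps(PUBLIC_READ, indent=2))  # paste-ready policy JSON
    print(anonymous_grants(PUBLIC_READ), only_public_read(PUBLIC_READ, BUCKET))
```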
Copy files to S3
# go to our project directory
$ aws s3 cp ./assets/js/ s3://<s3_bucket_name>/js/ --recursive --exclude ".DS_Store"
select pizza-og instance, select Create Image in the Actions dropdown
name it pizza-plus-s3 then Create Image
Create a new IAM role
IAM Dashboard, Role (roles are used to attach policies to)
Create New Role with name pizza-ec2-role
select Amazon EC2 as Role Type
Select AmazonS3FullAccess as Policy to attach
Create Role
Create a new launch configuration
EC2 Dashboard, Launch Configuration
Create Launch Configuration
select My AMIs - pizza-plus-s3, name it pizza-launcher-2, select pizza-ec2-role in the IAM role dropdown, give the same start script as above for User Data, and lastly check the Assign a Public IP Address to Every Instance option, as the instance needs to reach the public Internet to access S3
select pizza-ec2-sg for its Security Group
Create Launch Configuration
Replace the old instance with the new one in the Auto Scaling Group
EC2 Dashboard, Auto Scaling Group
select pizza-scaler, Edit
change pizza-launcher to pizza-launcher-2 in the Launch Configuration dropdown, Save
Terminate all other instances that aren't pizza-og (these may have been created by auto scaling)
DynamoDB and RDS
Create (Postgres) DB instance
Create a dev db with these Advanced Settings (rest of the settings are all pretty self explanatory)
pizza-vpc
Create new DB Subnet Group
Yes to Publicly Accessible
Create new Security Group
pizza_luvrs as Database Name
Connect to a Postgres database with Postico
RDS Dashboard, Instances
click the Security Groups link in the Configuration Details tab
edit Inbound Source setting to Anywhere
connect Postgres database with either Postico or pgAdmin using the Endpoint address which can be found in the Configuration Details tab
create the db table for our app
Interact with RDS in code using sequelize
Create DynamoDB tables
Services, DynamoDB, Create Tables
name your table toppings, with type String id as its Partition Key, then Create
create the second table named users, with type String username as key
Connect to DynamoDB with code
Access RDS and DynamoDB with EC2
Add AmazonRDSFullAccess and AmazonDynamoDBFullAccess to the pizza-ec2-role
Automate Your App with Elastic Beanstalk and CloudFormation
Create, test, and delete pizza luvrs infrastructure with CloudFormation
retrieve the pizza-plus-s3 AMI ID in the EC2 Dashboard AMIs section
customize CloudFormation with your AMI ID
Services, CloudFormation
Create Stack
upload the json template file
name it pizza-stack then Create
Deploy an application with Elastic Beanstalk
Services, Elastic Beanstalk
Create New Application with name pizza luvrs
Create Web Server
select platform Node.js, and Load Balancing, Auto Scaling
zip all the local code including dependencies with $ zip -r package.zip . (run inside the pizza-luvrs directory)
setup Application Version, add the local zip file as Source, leave rest of the settings as it is
check Create This Environment inside a VPC in the Additional Resources
for Configuration Details, select pizza-keys as EC2 Key Pair, set Application Health Check URL as /, leave rest of the settings as it is
for VPC Configuration, select the correct VPC ID, check both ELB and EC2 for the available Availability Zone, select pizza-ec2-sg as VPC Security Group
select pizza-ec2-role for Instance Profile in Permissions setting page
Launch
Configuring an Elastic Beanstalk environment
Elastic Beanstalk Dashboard, pizza luvrs
Configuration, Software Configuration, update the Node version to the latest version supported (6.2.2), Apply
Application Mapping to AWS Services